Merge pull request #24 from Liftric/feat/update_gradle_plugin_version

feat(dependencies): update dependencies

Author: nvima

build.gradle.kts

@@ -50,9 +50,10 @@ tasks {
     }
     dockerCompose.isRequiredBy(integrationTestTask)
 
-    val pluginPropertiesBuildFolder = file("$buildDir/compileProperties/")
+    val pluginPropertiesBuildFolder = layout.buildDirectory.dir("compileProperties")
     val propertiesTask = register<WriteProperties>("writePluginProperties") {
-        outputFile = pluginPropertiesBuildFolder.resolve("plugin.properties")
+        val output = pluginPropertiesBuildFolder.get().file("plugin.properties").asFile
+        destinationFile = output
         property("vendor", "Liftric")
         property("name", rootProject.name)
         property("version", rootProject.version)
@@ -100,10 +101,12 @@ dependencies {
     implementation(libs.cyclonedxGradlePlugin)
 
     testImplementation(libs.junitJupiter)
+    testImplementation(libs.junitPlatform)
 
     "integrationTestImplementation"(gradleTestKit())
     "integrationTestImplementation"(libs.cyclonedxCoreJava)
     "integrationTestImplementation"(libs.junitJupiter)
+    "integrationTestImplementation"(libs.junitPlatform)
     "integrationTestImplementation"(libs.ktorClientCio)
     "integrationTestImplementation"(libs.ktorClientContentNegotiation)
     "integrationTestImplementation"(libs.ktorSerializationKotlinxJson)

gradle/libs.versions.toml

@@ -0,0 +1,31 @@
+[versions]
+cyclonedx-core-java = "11.0.1"
+cyclonedx-gradle-plugin = "3.1.0"
+junit = "6.0.1"
+kotlin = "2.2.21"
+ktor = "3.3.3"
+versioning = "3.1.0"
+dockerCompose = "0.17.12"
+gradlePluginPublish = "2.0.0"
+
+[plugins]
+versioning = { id = "net.nemerosa.versioning", version.ref = "versioning" }
+dockerCompose = { id = "com.avast.gradle.docker-compose", version.ref = "dockerCompose" }
+kotlinJvm = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" }
+kotlinSerialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" }
+gradlePluginPublish = { id = "com.gradle.plugin-publish", version.ref = "gradlePluginPublish" }
+
+[libraries]
+cyclonedxCoreJava = { module = "org.cyclonedx:cyclonedx-core-java", version.ref = "cyclonedx-core-java" }
+cyclonedxGradlePlugin = { module = "org.cyclonedx:cyclonedx-gradle-plugin", version.ref = "cyclonedx-gradle-plugin" }
+kotlinBom = { module = "org.jetbrains.kotlin:kotlin-bom", version.ref = "kotlin" }
+kotlinReflect = { module = "org.jetbrains.kotlin:kotlin-reflect", version.ref = "kotlin" }
+kotlinStdlibJdk8 = { module = "org.jetbrains.kotlin:kotlin-stdlib-jdk8", version.ref = "kotlin" }
+ktorClientCio = { module = "io.ktor:ktor-client-cio", version.ref = "ktor" }
+ktorClientCore = { module = "io.ktor:ktor-client-core", version.ref = "ktor" }
+ktorClientJson = { module = "io.ktor:ktor-client-json", version.ref = "ktor" }
+ktorClientSerialization = { module = "io.ktor:ktor-client-serialization", version.ref = "ktor" }
+ktorClientContentNegotiation = { module = "io.ktor:ktor-client-content-negotiation", version.ref = "ktor" }
+ktorSerializationKotlinxJson = { module = "io.ktor:ktor-serialization-kotlinx-json", version.ref = "ktor" }
+junitJupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junit" }
+junitPlatform = { module = "org.junit.platform:junit-platform-launcher", version.ref = "junit" }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

settings.gradle.kts

@@ -1,43 +1 @@
 rootProject.name = "dependency-track-companion-plugin"
-
-pluginManagement {
-    dependencyResolutionManagement {
-        versionCatalogs {
-            create("libs") {
-                version("kotlin", "1.9.25")
-                version("ktor", "2.3.12")
-                version("cyclonedx-core-java", "10.1.0")
-                version("cyclonedx-gradle-plugin", "2.1.0")
-                version("junit-bom", "5.10.3")
-
-                plugin("versioning", "net.nemerosa.versioning").version("3.1.0")
-                plugin("dockerCompose", "com.avast.gradle.docker-compose").version("0.17.7")
-                plugin("kotlinJvm", "org.jetbrains.kotlin.jvm").versionRef("kotlin")
-                plugin("kotlinSerialization", "org.jetbrains.kotlin.plugin.serialization").versionRef("kotlin")
-                plugin("gradlePluginPublish", "com.gradle.plugin-publish").version("1.2.1")
-
-                library("kotlinStdlibJdk8", "org.jetbrains.kotlin", "kotlin-stdlib-jdk8").versionRef("kotlin")
-                library("cyclonedxCoreJava", "org.cyclonedx", "cyclonedx-core-java").versionRef("cyclonedx-core-java")
-                library("cyclonedxGradlePlugin", "org.cyclonedx", "cyclonedx-gradle-plugin").versionRef("cyclonedx-gradle-plugin")
-                library("kotlinBom", "org.jetbrains.kotlin", "kotlin-bom").versionRef("kotlin")
-                library("ktorClientCio", "io.ktor", "ktor-client-cio").versionRef("ktor")
-                library("ktorClientCore", "io.ktor", "ktor-client-core").versionRef("ktor")
-                library("ktorClientJson", "io.ktor", "ktor-client-json").versionRef("ktor")
-                library("ktorClientSerialization", "io.ktor", "ktor-client-serialization").versionRef("ktor")
-                library(
-                    "ktorClientContentNegotiation",
-                    "io.ktor",
-                    "ktor-client-content-negotiation"
-                ).versionRef("ktor")
-                library(
-                    "ktorSerializationKotlinxJson",
-                    "io.ktor",
-                    "ktor-serialization-kotlinx-json"
-                ).versionRef("ktor")
-                library("kotlinReflect", "org.jetbrains.kotlin", "kotlin-reflect").versionRef("kotlin")
-                library("junitBom", "org.junit", "junit-bom").versionRef("junit-bom")
-                library("junitJupiter", "org.junit.jupiter", "junit-jupiter").versionRef("junit-bom")
-            }
-        }
-    }
-}

src/integrationTest/kotlin/com/liftric/dtcp/GenerateVexTest.kt

@@ -8,9 +8,6 @@ import org.junit.jupiter.api.Assertions.assertNotNull
 import org.junit.jupiter.api.Assertions.assertEquals
 import org.junit.jupiter.api.Test
 import java.io.File
-import java.nio.file.Files
-import java.nio.file.Paths
-import java.nio.file.StandardCopyOption
 import org.cyclonedx.parsers.JsonParser
 
 class GenerateVexTest: IntegrationTestBase() {
@@ -62,7 +59,7 @@ dependencyTrackCompanion {
             .withArguments("build", "generateVex")
             .withPluginClasspath().build()
 
-        val generatedVexFile = projectDir.resolve("build/reports/vex.json")
+        val generatedVexFile = projectDir.resolve("build/reports/cyclonedx/vex.json")
         assertTrue(generatedVexFile.exists())
         assertTrue(JsonParser().isValid(generatedVexFile))
 

src/main/kotlin/com/liftric/dtcp/DepTrackCompanionPlugin.kt

@@ -15,10 +15,10 @@ class DepTrackCompanionPlugin : Plugin<Project> {
             project.extensions.create(extensionName, DepTrackCompanionExtension::class.java, project)
 
         extension.inputFile.convention(
-            project.layout.buildDirectory.file("reports/bom.json")
+            project.layout.buildDirectory.file("reports/cyclonedx/bom.json")
         )
         extension.outputFile.convention(
-            project.layout.buildDirectory.file("reports/vex.json")
+            project.layout.buildDirectory.file("reports/cyclonedx/vex.json")
         )
         extension.autoCreate.convention(false)
 
@@ -38,7 +38,7 @@ class DepTrackCompanionPlugin : Plugin<Project> {
 
         val generateSbom = project.tasks.register("generateSbom") { task ->
             task.group = taskGroup
-            task.description = "Generate SBOM file"
+            task.description = "Generate aggregated SBOM file"
             task.dependsOn("cyclonedxBom")
         }
 

src/main/kotlin/com/liftric/dtcp/tasks/GenerateVexTask.kt

@@ -13,13 +13,13 @@ import java.io.File
 import java.nio.file.Files
 import java.nio.file.Paths
 import org.cyclonedx.model.*
+import org.cyclonedx.model.metadata.ToolInformation
 import org.gradle.api.DefaultTask
 import org.gradle.api.file.RegularFileProperty
 import org.gradle.api.provider.ListProperty
 import org.gradle.api.tasks.*
 import java.util.*
 
-
 abstract class GenerateVexTask : DefaultTask() {
     @get:InputFile
     abstract val inputFile: RegularFileProperty
@@ -36,7 +36,7 @@ abstract class GenerateVexTask : DefaultTask() {
     private val vexFile = Bom()
 
     @TaskAction
-    fun generateCyclonDXVex() {
+    fun generateCycloneDXVex() {
         val inputFileValue = inputFile.get().asFile
         val outputFileValue = outputFile.get().asFile
         val vexComponentList = vexComponent.get().map { it.build() }
@@ -81,12 +81,17 @@ abstract class GenerateVexTask : DefaultTask() {
         vexFile.metadata = Metadata()
         vexFile.metadata.timestamp = Date()
         vexFile.metadata.component = sbom.metadata.component ?: Component()
-        val pluginData = Tool().apply {
-            vendor = props.getProperty("vendor")
+        val pluginData = Component().apply {
+            manufacturer = OrganizationalEntity().apply {
+                name = props.getProperty("vendor")
+            }
             name = props.getProperty("name")
             version = props.getProperty("version")
+            type = Component.Type.LIBRARY
+        }
+        vexFile.metadata.toolChoice = ToolInformation().apply {
+            components = listOf(pluginData)
         }
-        vexFile.metadata.tools = listOf(pluginData)
     }
 
     private fun readPluginProperties(): Properties {

src/main/kotlin/com/liftric/dtcp/tasks/GetOutdatedDependenciesTask.kt

@@ -59,10 +59,7 @@ abstract class GetOutdatedDependenciesTask : DefaultTask() {
             throw GradleException("Project does not have direct dependencies")
         }
 
-        val directDependencies = Json {
-            ignoreUnknownKeys = true
-        }.decodeFromString<List<DirectDependency>>(project.directDependencies)
-
+        val directDependencies = json.decodeFromString<List<DirectDependency>>(project.directDependencies)
 
         // Component API is currently limited to 100 results per request
         var offset = 0
@@ -97,4 +94,8 @@ abstract class GetOutdatedDependenciesTask : DefaultTask() {
         val reset = "\u001b[0m"
         println("${purl}: $red${version}$reset -> $green${latestVersion}$reset")
     }
+
+    private val json = Json {
+        ignoreUnknownKeys = true
+    }
 }